Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG 1885353: protect openshift traffic by using dedicated flowschema #968

Merged
merged 1 commit into from Oct 15, 2020
Merged

BUG 1885353: protect openshift traffic by using dedicated flowschema #968

merged 1 commit into from Oct 15, 2020

Conversation

tkashem
Copy link
Contributor

@tkashem tkashem commented Oct 5, 2020
edited

Define dedicated flowschema and priority configuration that will protect openshift specific traffic.

  • SAR from oas is very important (exempt)
  • kcm, other oas requests, oauth server requests, metrics requests from openshift-monitoring is pretty important
  • control plane operators are important (kas-o, oas-o, auth operator, etcd operator)
  • workloads-low goes below the traffic defined above.

Question:

  • is tokenreviews from oas as important as SAR?
  • do we want to include cvo in the control plane operators, or are there traffic from any other critical operators that we should protect?

After applying the above configuration, we can see that the number of requests from workload-low drops. This implies that traffic from oas, /metrics call from openshift monitoring, traffic from control plane operators are not being throttled anymore.
image

@openshift-ci-robot
Copy link

@tkashem: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

protect openshift traffic by using dedicated flowschema

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tkashem tkashem changed the title protect openshift traffic by using dedicated flowschema BUG 1885353: protect openshift traffic by using dedicated flowschema Oct 5, 2020
@openshift-ci-robot
Copy link

@tkashem: This pull request references Bugzilla bug 1885353, which is invalid:

  • expected dependent Bugzilla bug 1885356 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is ASSIGNED instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

BUG 1885353: protect openshift traffic by using dedicated flowschema

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Oct 5, 2020
@deads2k
Copy link
Contributor

deads2k commented Oct 5, 2020

/lgtm

@openshift-ci-robot openshift-ci-robot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 5, 2020
@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link

@openshift-bot: This pull request references Bugzilla bug 1885353, which is invalid:

  • expected dependent Bugzilla bug 1885356 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is ASSIGNED instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link

@openshift-bot: This pull request references Bugzilla bug 1885353, which is invalid:

  • expected dependent Bugzilla bug 1885356 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Oct 7, 2020
@openshift-ci-robot
Copy link

@tkashem: This pull request references Bugzilla bug 1885353, which is invalid:

  • expected dependent Bugzilla bug 1885356 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

BUG 1885353: protect openshift traffic by using dedicated flowschema

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sttts
Copy link
Contributor

sttts commented Oct 12, 2020

/lgtm

@sttts
Copy link
Contributor

sttts commented Oct 12, 2020

/bugzilla refresh

@openshift-ci-robot
Copy link

@sttts: This pull request references Bugzilla bug 1885353, which is invalid:

  • expected dependent Bugzilla bug 1885356 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 12, 2020
@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Oct 13, 2020
@openshift-ci-robot
Copy link

@openshift-bot: This pull request references Bugzilla bug 1885353, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1885356 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1885356 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Oct 13, 2020
@tkashem
Copy link
Contributor Author

tkashem commented Oct 14, 2020

/hold

doing some research whether we need to make SAR from oas/oauth exempt.

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 14, 2020
@tkashem
protect openshift traffic
05c5bdb 
Define dedicated flowschema and priority configuration that will
protect openshift specific traffic.

- SAR from oas is very important
- kcm, other oas requests, metrics requests from openshift-monitoring
  is pretty important
- control plane operators are important (kas-o, oas-o, auth operator,
  etcd operator)
- workloads-low goes below the traffic defined above.
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Oct 14, 2020
@openshift-ci-robot
Copy link

@tkashem: This pull request references Bugzilla bug 1885353, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1885356 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1885356 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

In response to this:

BUG 1885353: protect openshift traffic by using dedicated flowschema

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

1 similar comment
@openshift-ci-robot
Copy link

@tkashem: This pull request references Bugzilla bug 1885353, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1885356 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1885356 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

In response to this:

BUG 1885353: protect openshift traffic by using dedicated flowschema

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tkashem
Copy link
Contributor Author

tkashem commented Oct 14, 2020

/retest

@tkashem
Copy link
Contributor Author

tkashem commented Oct 14, 2020

we are making SAR from oas/oauth exempt since borrowing is not supported in p&f

/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 14, 2020
@wangke19
Copy link

/bugzilla cc-qa

@openshift-ci-robot
Copy link

@wangke19: This pull request references Bugzilla bug 1885353, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1885356 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1885356 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

Requesting review from QA contact:
/cc @wangke19

In response to this:

/bugzilla cc-qa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wangke19
Copy link

Launched one 4.5 cluster with this PR successfully, verification steps see https://bugzilla.redhat.com/show_bug.cgi?id=1885353#c3.

@wangke19
Copy link

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 15, 2020
@deads2k
Copy link
Contributor

deads2k commented Oct 15, 2020

/lgtm

@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, sttts, tkashem, wangke19

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knobunc knobunc added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 15, 2020
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit cc6cbbe into openshift:release-4.5 Oct 15, 2020
@openshift-ci-robot
Copy link

@tkashem: All pull requests linked via external trackers have merged:

Bugzilla bug 1885353 has been moved to the MODIFIED state.

In response to this:

BUG 1885353: protect openshift traffic by using dedicated flowschema

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deads2k deads2k Awaiting requested review from deads2k

@mfojtik mfojtik Awaiting requested review from mfojtik

@wangke19 wangke19 Awaiting requested review from wangke19

Assignees

@sttts sttts

@deads2k deads2k

@wangke19 wangke19

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@tkashem @openshift-ci-robot @deads2k @openshift-bot @sttts @wangke19 @knobunc @openshift-merge-robot